gitea: remove bootstrap job (immutable error)

services/gitea/kustomization.yaml

@@ -7,4 +7,3 @@ resources:
   - service.yaml
   - pvc.yaml
   - ingress.yaml
-  - oidc-job.yaml

services/gitea/oidc-job.yaml

@@ -1,98 +0,0 @@
-# services/gitea/oidc-job.yaml
-apiVersion: batch/v1
-kind: Job
-metadata:
-  name: gitea-oidc-bootstrap
-  namespace: gitea
-spec:
-  # clean and recreate when the manifest changes to avoid immutable pod fields
-  template: {}
----
-apiVersion: batch/v1
-kind: Job
-metadata:
-  name: gitea-oidc-bootstrap
-  namespace: gitea
-spec:
-  ttlSecondsAfterFinished: 1800
-  backoffLimit: 1
-  template:
-    metadata:
-      labels:
-        app: gitea
-        job: gitea-oidc-bootstrap
-    spec:
-      securityContext:
-        runAsUser: 1000
-        runAsGroup: 1000
-        fsGroup: 1000
-      affinity:
-        podAffinity:
-          requiredDuringSchedulingIgnoredDuringExecution:
-            - labelSelector:
-                matchLabels:
-                  app: gitea
-              topologyKey: kubernetes.io/hostname
-      restartPolicy: OnFailure
-      volumes:
-        - name: gitea-data
-          persistentVolumeClaim:
-            claimName: gitea-data
-      containers:
-        - name: gitea-oidc-bootstrap
-          image: gitea/gitea:1.23
-          imagePullPolicy: IfNotPresent
-          volumeMounts:
-            - name: gitea-data
-              mountPath: /data
-          env:
-            - name: CLIENT_ID
-              valueFrom:
-                secretKeyRef:
-                  name: gitea-oidc
-                  key: client_id
-            - name: CLIENT_SECRET
-              valueFrom:
-                secretKeyRef:
-                  name: gitea-oidc
-                  key: client_secret
-            - name: DISCOVERY_URL
-              valueFrom:
-                secretKeyRef:
-                  name: gitea-oidc
-                  key: openid_auto_discovery_url
-          command:
-            - /bin/bash
-            - -c
-            - |
-              set -euo pipefail
-              APPINI=/data/gitea/conf/app.ini
-              BIN=/usr/local/bin/gitea
-              list="$($BIN -c "$APPINI" admin auth list)"
-              id=$(echo "$list" | awk '$2=="keycloak"{print $1}')
-              if [ -n "$id" ]; then
-                echo "Updating existing auth source id=$id"
-                $BIN -c "$APPINI" admin auth update-oauth \
-                  --id "$id" \
-                  --name keycloak \
-                  --provider openidConnect \
-                  --key "$CLIENT_ID" \
-                  --secret "$CLIENT_SECRET" \
-                  --auto-discover-url "$DISCOVERY_URL" \
-                  --scopes "openid profile email" \
-                  --group-claim-name groups \
-                  --admin-group admin \
-                  --skip-local-2fa
-              else
-                echo "Creating keycloak auth source"
-                $BIN -c "$APPINI" admin auth add-oauth \
-                  --name keycloak \
-                  --provider openidConnect \
-                  --key "$CLIENT_ID" \
-                  --secret "$CLIENT_SECRET" \
-                  --auto-discover-url "$DISCOVERY_URL" \
-                  --scopes "openid profile email" \
-                  --group-claim-name groups \
-                  --admin-group admin \
-                  --skip-local-2fa
-              fi